package org.eclipse.kura.internal.rest.security.provider;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.request.handler.jaxrs.DefaultExceptionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Path("security/v2")
/* loaded from: input_file:org/eclipse/kura/internal/rest/security/provider/SecurityRestServiceV2.class */
public class SecurityRestServiceV2 extends AbstractRestSecurityService {
    private static final Logger logger = LoggerFactory.getLogger(SecurityRestServiceV2.class);
    private static final String MQTT_APP_ID = "SEC-V2";

    @Override // org.eclipse.kura.internal.rest.security.provider.AbstractRestSecurityService
    public String getMqttAppId() {
        return MQTT_APP_ID;
    }

    @POST
    @RolesAllowed({"security"})
    @Path("/security-policy/apply-default-production")
    public Response applyDefaultProductionSecurityPolicy() {
        try {
            logger.debug("Processing request for method '{}'", "applyDefaultProductionSecurityPolicy");
            this.security.applyDefaultProductionSecurityPolicy();
            this.security.reloadSecurityPolicyFingerprint();
            this.security.reloadCommandLineFingerprint();
            return Response.ok().build();
        } catch (Exception e) {
            throw DefaultExceptionHandler.toWebApplicationException(e);
        }
    }

    @POST
    @RolesAllowed({"security"})
    @Path("/security-policy/apply")
    public Response applySecurityPolicy(InputStream inputStream) {
        try {
            logger.debug("Processing request for method '{}'", "applySecurityPolicy");
            this.security.applySecurityPolicy(readSecurityPolicyString(inputStream));
            this.security.reloadSecurityPolicyFingerprint();
            this.security.reloadCommandLineFingerprint();
            return Response.ok().build();
        } catch (KuraException e) {
            if (KuraErrorCode.INVALID_PARAMETER.equals(e.getCode())) {
                throw DefaultExceptionHandler.buildWebApplicationException(Response.Status.BAD_REQUEST, e.getMessage());
            }
            throw DefaultExceptionHandler.toWebApplicationException(e);
        }
    }

    private String readSecurityPolicyString(InputStream inputStream) {
        if (inputStream == null) {
            throw DefaultExceptionHandler.buildWebApplicationException(Response.Status.BAD_REQUEST, "Security Policy cannot be null or empty");
        }
        int i = 0;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        while (true) {
            try {
                int read = inputStream.read(bArr, 0, bArr.length);
                if (read == -1) {
                    byteArrayOutputStream.flush();
                    if (byteArrayOutputStream.size() == 0) {
                        throw DefaultExceptionHandler.buildWebApplicationException(Response.Status.BAD_REQUEST, "Security Policy cannot be null or empty");
                    }
                    return getCharBuffer(byteArrayOutputStream).toString();
                }
                i += read;
                if (i > 1048576) {
                    throw DefaultExceptionHandler.buildWebApplicationException(Response.Status.BAD_REQUEST, "Security policy too large");
                }
                byteArrayOutputStream.write(bArr, 0, read);
            } catch (IOException e) {
                throw DefaultExceptionHandler.toWebApplicationException(e);
            }
        }
    }

    private static CharBuffer getCharBuffer(ByteArrayOutputStream byteArrayOutputStream) {
        try {
            return StandardCharsets.UTF_8.newDecoder().onMalformedInput(CodingErrorAction.REPORT).decode(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()));
        } catch (CharacterCodingException unused) {
            throw DefaultExceptionHandler.buildWebApplicationException(Response.Status.BAD_REQUEST, "Security Policy must be UTF-8 encoded");
        }
    }
}
